A network service provider (NSP) is a company that provides backbone services to an Internet service provider (ISP). A backbone is a set of paths that local or regional networks connect to for long-distance interconnection via network nodes, which are the connection points. An ISP provides access to the Internet to most Web users by connecting to a regional ISP at an Internet Exchange (IX). The regional ISP connects to an NSP backbone. The NSP routes all data traffic and provides the infrastructure required for Internet connectivity. The NSP builds, maintains, and expands its infrastructure as Internet traffic demands. The ISP is responsible for its own network's customer services. These services are provided under the ISP's brand name rather than that of the NSP. An ISP has the equipment and the telecommunication line access required to have a point-of-presence on the Internet for the geographic area served. The larger (regional) ISPs have their own high-speed leased lines so that they are less dependent on the telecommunication providers and can provide better service to their customers.
Security is one of the main issues that modern NSPs must address. Conventional solutions, such as those of Velocity Networks (Hawthorne, Calif., U.S.A.), provide centrally managed firewall services that keep enterprises' data secure by monitoring their firewall. However, in order not to introduce a bottleneck in data traffic, such a solution must operate at a very high data rate, and it is therefore not feasible for high-throughput data rates.
U.S. Pat. No. 6,925,493 (Barkan et al.) discloses a system for automatically monitoring and managing Service Level Agreements (SLAs) on behalf of Service Providers (such as Application Service Providers). The system enables Application Service Providers to set up customized Service Level Agreements with customers, and to monitor, modify and control aspects of these agreements, using a formula-driven language that translates Service Level Agreement details into commands. As such, these details can be tracked and processed to produce detailed reports and summaries.
U.S. Pat. No. 6,948,003 (Newman et al.) discloses a system that allows a service provider to provide Intranet services remotely by assigning private virtual servers to customers. Each customer addresses transmissions to one or more private virtual servers using private addresses from the customer's private Intranet. Customers exchange privately-addressed transmissions with the service provider using tunnels to traverse the local or regional network connecting the customer with the service provider. The service provider routes the transmissions to the relevant private virtual server belonging to the customer that sent the transmission, and routes privately-addressed transmissions back to individual customers using tunnels.
None of the methods described above has yet provided a satisfactory solution to the problem of effective security management in NSP networks.
It is therefore an object of the present invention to provide a method for providing effective security management in NSP networks.
It is another object of the present invention to provide a method for providing a dynamic firewall for NSP networks that prevents intrusions into these networks.
It is a further object of the present invention to provide a method for providing a dynamic firewall for NSP networks that blocks intrusions from propagating even after an intrusion has occurred.
Other objects and advantages of the invention will become apparent as the description proceeds.